From owner-svn-src-head@freebsd.org Tue Aug 7 13:50:22 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0715B105F279; Tue, 7 Aug 2018 13:50:22 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ADC1D8FE14; Tue, 7 Aug 2018 13:50:21 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8ECD31C9BC; Tue, 7 Aug 2018 13:50:21 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w77DoLYF037793; Tue, 7 Aug 2018 13:50:21 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w77DoLhP037792; Tue, 7 Aug 2018 13:50:21 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201808071350.w77DoLhP037792@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Tue, 7 Aug 2018 13:50:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r337415 - head/sbin/dhclient X-SVN-Group: head X-SVN-Commit-Author: markj X-SVN-Commit-Paths: head/sbin/dhclient X-SVN-Commit-Revision: 337415 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Aug 2018 13:50:22 -0000 Author: markj Date: Tue Aug 7 13:50:21 2018 New Revision: 337415 URL: https://svnweb.freebsd.org/changeset/base/337415 Log: dhclient: Enter capability mode before dropping privileges. This is needed to be able to chroot in the fallback case where Capsicum is not available. Reported by: Daniel Braniss X-MFC with: r337382 Sponsored by: The FreeBSD Foundation Modified: head/sbin/dhclient/dhclient.c Modified: head/sbin/dhclient/dhclient.c ============================================================================== --- head/sbin/dhclient/dhclient.c Tue Aug 7 13:46:06 2018 (r337414) +++ head/sbin/dhclient/dhclient.c Tue Aug 7 13:50:21 2018 (r337415) @@ -529,23 +529,21 @@ main(int argc, char *argv[]) if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) error("can't limit route socket: %m"); - if (setgroups(1, &pw->pw_gid) || - setegid(pw->pw_gid) || setgid(pw->pw_gid) || - seteuid(pw->pw_uid) || setuid(pw->pw_uid)) - error("can't drop privileges: %m"); - endpwent(); setproctitle("%s", ifi->name); + /* setgroups(2) is not permitted in capability mode. */ + if (setgroups(1, &pw->pw_gid) != 0) + error("can't restrict groups: %m"); + if (caph_enter_casper() < 0) error("can't enter capability mode: %m"); /* - * If we are not in capability mode (i.e., because Capsicum or - * libcasper is disabled), try to restrict filesystem access. This - * will fail if kern.chroot_allow_open_directories is 0 or the process - * is jailed. + * If we are not in capability mode (i.e., Capsicum or libcasper is + * disabled), try to restrict filesystem access. This will fail if + * kern.chroot_allow_open_directories is 0 or the process is jailed. */ if (cap_getmode(&capmode) < 0 || capmode == 0) { if (chroot(_PATH_VAREMPTY) == -1) @@ -553,6 +551,10 @@ main(int argc, char *argv[]) if (chdir("/") == -1) error("chdir(\"/\")"); } + + if (setegid(pw->pw_gid) || setgid(pw->pw_gid) || + seteuid(pw->pw_uid) || setuid(pw->pw_uid)) + error("can't drop privileges: %m"); if (immediate_daemon) go_daemon();